Re: [Asrg] Unique innovations made to anti-spam system

On 2006-01-23 11:41:56 -0800, Douglas Otis wrote:
> On Jan 23, 2006, at 9:25 AM, Peter J. Holzer wrote:
>
> > Russ' Scheme gets around this problem but at the cost of  
> > potentially being much more annoying to forgery victims.
> > (I guess that it could be combined with SPF or DKIM to give victims  
> > an easy way to avoid being ddossed)
> DKIM is not related to the return-path and is not expected to survive  
> within a DSN.
It doesn't have to be. My idea was simply to exempt domains which use
DKIM from the auto-ack check. 

I.e. if a message is received from a sender domain which announces that
it uses DKIM:

    If the message has matching signature, accept it.

    If the message has no or an incorrect signature reject it.

(Same thing for SPF, etc.)

Otherwise quarantine message and send auto-ack.

I.e., if you are flooded with lots of auto-acks because a spammer
forges your mail addresses, you can simply add an SPF record, or
(a bit less simple) implement DKIM on your outgoing mails to stop the
flood.

I still don't like that scheme, but this way it would only be annoying
instead of nasty.


> BATV, much like VERP, offers a solution for preventing any "back- 
> scatter" problem from affecting the users.
Yes, but it has to implemented by the sender. If I implement it, I will
get less (or even no) backscatter, but it won't reduce the amount of
"real" spam I get. Russ' scheme tries to achieve that (but is of course
easily circumvented by spammers once it is in wide use).

        hp

-- 
   _  | Peter J. Holzer    | Ich sehe nun ein, dass Computer wenig
|_|_) | Sysadmin WSR       | geeignet sind, um sich was zu merken.
| |   | hjp(_at_)hjp(_dot_)at         |
__/   | http://www.hjp.at/ |    -- Holger Lembke in dan-am

pgp4f1jSt0aM3.pgp
Description: PGP signature

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg